Debian Long Term Support / LTS Security Information / 2015 / Security Information -- DLA-219-1 icu

Debian Security Advisory

DLA-219-1 icu -- LTS security update

Date Reported:

14 May 2015

Affected Packages:

icu

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2419, CVE-2014-6585, CVE-2014-6591, CVE-2014-7923, CVE-2014-7926, CVE-2014-7940, CVE-2014-9654.

More information:

Several vulnerabilities were discovered in the International Components for Unicode (ICU) library:

• CVE-2013-1569

  Glyph table issue.

• CVE-2013-2383

  Glyph table issue.

• CVE-2013-2384

  Font layout issue.

• CVE-2013-2419

  Font processing issue.

• CVE-2014-6585

  Out-of-bounds read.

• CVE-2014-6591

  Additional out-of-bounds reads.

• CVE-2014-7923

  Memory corruption in regular expression comparison.

• CVE-2014-7926

  Memory corruption in regular expression comparison.

• CVE-2014-7940

  Uninitialized memory.

• CVE-2014-9654

  More regular expression flaws.

For Debian 6 Squeeze, these issues have been fixed in icu version 4.4.1-8+squeeze3.